CVE-2011-4566

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 29-11-2011 01:55

Last modified: - 29-08-2022 10:11

Total changes: - 2

Description

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

6.4

Base score

10.0

4.9

Exploitability score

Impact score

Verification logic

Reference

https://bugs.php.net/bug.php?id=60150
50907-Third Party Advisory, VDB Entry
RHSA-2012:0019-Third Party Advisory
DSA-2399-Third Party Advisory
http://support.apple.com/kb/HT5281
APPLE-SA-2012-05-09-1-Mailing List, Third Party Advisory
48668-Third Party Advisory
openSUSE-SU-2012:0426-Mailing List, Third Party Advisory
47253-Third Party Advisory
RHSA-2012:0071-Third Party Advisory
MDVSA-2011:197-Third Party Advisory
USN-1307-1-Third Party Advisory
php-exifprocessifdtag-dos(71612)-Third Party Advisory, VDB Entry

Keywords

CVE-2011-4566

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2011-4566

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures